With the proliferation of SaaS solutions, API integrations and cloud computing, virtually everything in the modern enterprise is connected to untold number of outside entities. In fact, many business processes depend on this connectivity, even when doing so broadens the threat landscape and puts the organization at greater risk.
This interconnectedness means that vendor vulnerabilities become your vulnerabilities. For proof, we need look no further than the massive NotPetya attack that took down hundreds of companies in the summer of 2017. What began as a quasi-cyberwarfare attack on the Ukraine crippled everything from global shipping giant Maersk to a hospital in Pennsylvania, causing $10 billion in losses—all essentially collateral damage. The incident brought the risk of vendor security front and center as the ransomware spread like wildfire, even to organizations that had absolutely no connection to the original targets.